
Alert

FortiCWP lets you manage alerts triggered by policies. You can decide the status of each alert, such as leaving it open or dismissing it, which reduces the number of alerts on the Alert page.

Alerts are generated only after you enable and configure the security policies required by your organization. For more details on configuring policies, refer to Policy Configuration.

Accessing Alert

Follow these steps to view alerts.

  1. From the FortiCWP navigation pane on the left, click Alert.
  2. Filter alerts by account type, alert state, severity level, and activity.
  3. Click any alert to show its alert summary, policy name, object, severity level, created date, and last updated date.
  4. Click Policy Name to show the related policy.
  5. Click Object to show detailed information on the cloud resource.

Types of alert state

Open: A new violation was found for the given resource and policy pair.

Resolved: The policy violation no longer applies because the policy or the resource changed. The "Resolved" state can only be changed by FortiCWP automatically.

Dismissed: A user manually dismissed the alert, but the violation may still exist. The "Dismissed" state can only be changed by users.

Acknowledged: For DLP, compliance, and threat protection policies, users can only change the alert state to "Acknowledged".

Alert state transition table

Alert states can be changed either manually or automatically by FortiCWP, depending on the type of alert. The tables below list every state an alert can transition to, per alert type.

Risk assessment

| Current State | Next State | Action | Policy Control | Description |
| --- | --- | --- | --- | --- |
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Resolved | Policy updated | automatic | Policy was updated so that the violation no longer applies, e.g. the resource was added to the policy allow list. |
| Open | Resolved | Policy disabled | automatic | Policy was disabled, which terminated scanning, and previously triggered alerts disappear. |
| Open | Resolved | Resource updated | automatic | Resource configuration was updated to fix the violation. |
| Open | Resolved | Resource deleted | automatic | Resource was deleted. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |
| Resolved | Open | Policy updated | automatic | Policy was updated, e.g. the resource was removed from the policy allow list. |
| Resolved | Open | Policy enabled | automatic | Policy was enabled again. Scanning resumed and previously triggered alerts will appear again. |

Network

| Current State | Next State | Action | Policy Control | Description |
| --- | --- | --- | --- | --- |
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |

Integration

| Current State | Next State | Action | Policy Control | Description |
| --- | --- | --- | --- | --- |
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |

Threat Protection

| Current State | Next State | Action | Policy Control | Description |
| --- | --- | --- | --- | --- |
| None | Open | Alert triggered | automatic | New violation found for the given policy. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |

Data Analysis

| Current State | Next State | Action | Policy Control | Description |
| --- | --- | --- | --- | --- |
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |

Compliance

| Current State | Next State | Action | Policy Control | Description |
| --- | --- | --- | --- | --- |
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |
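
The transition tables above can be encoded as data and used to check a recorded history of alert state changes against the documented rules. This is an added example, not FortiCWP code: the record layout (a list of next state and policy control pairs) and the sample histories are assumptions constructed for illustration.

```python
# Added example: the documented transition tables as data, replayed over a
# history of state changes. Record layout and samples are hypothetical.
MANUAL, AUTO = "manual", "automatic"

# Rows shared by several alert types: (current, next) -> policy control.
DISMISSABLE = {
    (None, "Open"): AUTO,
    ("Open", "Dismissed"): MANUAL,
    ("Dismissed", "Open"): MANUAL,
}
ACK_ONLY = {(None, "Open"): AUTO, ("Open", "Acknowledged"): MANUAL}

TRANSITIONS = {
    "Risk assessment": {
        **DISMISSABLE,
        ("Open", "Resolved"): AUTO,
        ("Resolved", "Open"): AUTO,
    },
    "Network": DISMISSABLE,
    "Integration": DISMISSABLE,
    "Threat Protection": ACK_ONLY,
    "Data Analysis": ACK_ONLY,
    "Compliance": ACK_ONLY,
}

def audit(alert_type, history):
    """Replay (next_state, control) pairs from state None; return findings."""
    allowed = TRANSITIONS[alert_type]
    findings, state = [], None
    for step, (next_state, control) in enumerate(history, 1):
        expected = allowed.get((state, next_state))
        if expected is None:
            findings.append(f"step {step}: {state} -> {next_state} "
                            f"is not in the {alert_type} table")
        elif expected != control:
            findings.append(f"step {step}: {state} -> {next_state} "
                            f"must be {expected}, was {control}")
        state = next_state  # keep replaying so later steps are still checked
    return findings

# Constructed sample histories (not FortiCWP output).
OK_RISK = [("Open", AUTO), ("Dismissed", MANUAL), ("Open", MANUAL), ("Resolved", AUTO)]
MANUAL_RESOLVE = [("Open", AUTO), ("Resolved", MANUAL)]
DISMISSED_THREAT = [("Open", AUTO), ("Dismissed", MANUAL)]

if __name__ == "__main__":
    for name, kind, hist in [("ok", "Risk assessment", OK_RISK),
                             ("manual resolve", "Risk assessment", MANUAL_RESOLVE),
                             ("dismissed threat", "Threat Protection", DISMISSED_THREAT)]:
        print(name, audit(kind, hist))
```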
